H4xOrin' T3h WOrLd

Sunny Kumar is a computer geek and technology blogger. He is the founder and editor of the H4xOrin' T3h WOrLd website. He is passionate about ethical hacking, penetration testing of web applications, security, gadgets and everything to go with it. His goal in life is to raise awareness of information security, which nowadays is the key to a successful business.

Usernames and unencrypted passwords were posted online after a hack attack on the Yahoo Voice network. The most interesting thing about this hack is that the hacker used simple SQL UNION ALL queries to get a dump of the Yahoo database.

More than 450,000 usernames and unencrypted passwords appear to have
been stolen from Yahoo Voice, a user-contribution service on Yahoo's
network, and posted online.

Similar attacks have been reported separately against other online
services, including Android Forums and Formspring, where users are being
encouraged to change their passwords immediately, and to check whether
they used the same password on other services.

It is not known whether the attacks are linked. Both Formspring and
Android Forums encrypted the passwords that they stored, although that
is not a guarantee that they cannot be cracked.

However the Yahoo attack is
potentially the most serious. Yahoo bought Associated Content for $100m
(£64.5m) in May 2010, and then set it up as Yahoo Voices, allowing
user-generated content to be posted online.

Yahoo claims to have more than 600,000 contributors – which would
include many of those in the data dump, if it is verified. The Guardian could not
verify whether any of the accounts were still active.

The last entries in the data dump appear to be linked to IDs which were
created in 2006 – which could mean that the listing discovered by the
hacker, or hackers, is an old one that is no longer in use.

Security experts said that the most worrying aspect of the attack was
that the passwords for the accounts were not encrypted – meaning that
any hacker could scoop up the emails and immediately start using them
against other services, including Yahoo Mail.

That potentially puts far more at risk than just the Yahoo Voices accounts if they are still active.

Writing at the Trusted Security site, David Kennedy noted that: "The
passwords [were linked to] a wide variety of email addresses including
those from yahoo.com, gmail.com, [and] aol.com," and that they seem to
have been extracted using an SQL injection attack – an increasingly
common form of hacking attack in which flaws in the database and web
software are exploited to get administrator-level access to the contents
and structure of a database.
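
The two weaknesses described above, a query open to UNION ALL injection and passwords stored unencrypted, are shown here next to their fixes. This is an added example, not code from the article or from Yahoo; the schema, table names, sample rows and crafted input are all constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    # Salted, deliberately slow hash: a stolen row is not a reusable password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_db():
    """Constructed in-memory schema: public articles plus two credential tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, author TEXT)")
    db.execute("CREATE TABLE users_plain (email TEXT, password TEXT)")
    db.execute("CREATE TABLE users_hashed (email TEXT, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO articles VALUES ('Garden tips', 'alice')")
    db.execute("INSERT INTO users_plain VALUES ('alice@example.com', 'correct horse')")
    salt = os.urandom(16)
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
               ("alice@example.com", salt, hash_password("correct horse", salt)))
    return db

def search_vulnerable(db, author):
    # Weak form: input is pasted into the SQL text and can change the query's structure.
    sql = "SELECT title, author FROM articles WHERE author = '%s'" % author
    return db.execute(sql).fetchall()

def search_parameterized(db, author):
    # Fixed form: input is bound as a value and can never become SQL syntax.
    sql = "SELECT title, author FROM articles WHERE author = ?"
    return db.execute(sql, (author,)).fetchall()

def verify_login(db, email, password):
    # Recompute the hash with the stored salt and compare in constant time.
    row = db.execute("SELECT salt, pw_hash FROM users_hashed WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], hash_password(password, row[0]))

# Constructed input: a UNION ALL clause appended to an ordinary search term.
CRAFTED = "x' UNION ALL SELECT email, password FROM users_plain --"

if __name__ == "__main__":
    db = make_db()
    print("string-built query :", search_vulnerable(db, CRAFTED))
    print("parameterized query:", search_parameterized(db, CRAFTED))
    print("login still works  :", verify_login(db, "alice@example.com", "correct horse"))
```

With the string-built query the crafted term returns the plaintext credential row; with the bound parameter it is treated as an author name that matches nothing.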

The page containing the Yahoo Voice addresses has all the details of the
structure of the database that holds the details, as well as the
usernames and passwords.

The Yahoo Voice hack has been claimed by a group or individual calling themselves "the D33Ds Company".